Self-service or HelpDesk – How Should You Clean Out the Spam Trap?

One of the decisions I see my customers consider time and again is how to handle quarantined mail. They deploy a spam filtering solution of some type, and it does an effective job of blocking junk from getting to users’ inboxes, but inevitably, there’s going to be a false positive in there somewhere, and my clients wonder what the best way to handle that is. In today’s post, let’s take a look at the dreaded false positive, what it can mean for both users and IT, and options for how to handle it.

False positives

When talking about spam, a false positive is a message that is identified as spam by the filtering system, but actually should be delivered to the recipient as legitimate mail. It might be that a key word or phrase tripped a filter, or perhaps the sending system either has a malformed SPF record or no record at all, or the sending ip.addr is in a range flagged for residential use. Whatever the reason, there is now a message that has been marked as spam, but should have been delivered to the recipient. If they were expecting it, they will be looking for it. Far more often, false positives were the first attempt at communication, never got to the recipient, and leave the sender wondering why they aren’t getting a response. When these false positives occur, something has to be done, or eventually they can use up all your available disk space.

HelpDesk tickets

One way to handle this is to leave all suspected spam in quarantine, and let users open helpdesk tickets when they are missing something. Whether the helpdesk can go check and release themselves, or if they need to route the ticket to the messaging team, will depend on you, but the biggest benefit to this is it lets you track your false positive rate, and also, tune your filters when necessary,

Self service

Most email admins and helpdesk members will vote for this. Let users go in and release their own false positives. Better yet, deliver all suspected spam to their junk mail folder and let them tend to things themselves. Both of these are good approaches if you use Outlook with Exchange, and trust your users to tend to themselves. It also cuts down on the amount of space quarantine takes up on your hub transport servers, though it trades that for space on your mailbox servers. Since you probably have more mailbox servers, and those each have more space than a hub transport server, it’s a fair trade.

The Island if Misfit Toys

Err, make that, misfit mail. These are the messages no one asked after. Most often, administrators configure their quarantine to automatically delete messages over a certain age, like thirty days. While that is one way to approach it, how many of those messages are from legitimate current or potential customers, and represent lost opportunities, or customer satisfaction issues. Best if someone parses those on a regular basis to find the messages that need to be forwarded, but that can be a significant amount of work. I like to leave that to the interns, newest employees, or assign it to those who hit reply all one time to many.

Dead and gone

Whether you keep mail in quarantine or deliver to each user’s junk mail folder, it’s important to purge out old messages or they will just take up more and more space. Thirty days is the default, but you may choose to change that based on your volume and needs. Make sure you educate users on this, and that they understand once a piece of suspected junk ages out that it’s gone for good. You don’t want to waste time and space backing up or restoring junk mail. Thirty days should be plenty of time for a user to notice that they are missing something.

Ultimately, it’s up to you how you choose to handle junk mail in your enterprise. Hopefully this post gave you some things to consider. Now, I want to ask you to give us some things to consider. How are you currently handling false positives and the quarantine? Do users open a ticket, can they self-serve, or does blocked mail simply go to the bit bucket with no chance for appeal? Let us know what you are doing, and how that’s working out for you. I’m curious about how you, our readers, address this topic. Thanks!

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world, I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.

0 Comments

The problem is that many companies are not even aware of the false positives issue and do nothing. I am afraid, many of my legit emails to which I got to answer whatsoever ended in some company’s quarantine. Too bad – there are so many approached to deal with false positives and doing nothing but just ignoring them is the worst approach for sure.

I get a lot of false positives. I think it’s an automatic thing for my system when it checks the pages or links that I download. I do not know if that’s a good thing or not, but it can sometimes become annoying because even legitimate messages or files are detected as spam. I didn’t know, though, that there are other options I can try out for taking care of them. Thank you for explaining things and for giving me a clearer picture of what I need and what I should do with all the false positives I am getting.